The power of this PoC is to show that we can have the best of both worlds and show security consultants and developers the best possible environment/UI for them to analyze, review and fix security vulnerabilities.

We start with an instance of Eclipse Juno with the Fortify Plug-in installed, where I opened the Fortify Audit perspective, in order to have access to the multiple Fortify specific views:

Next I opened an instance of WebInspect 10.0:

Since we need to add a couple panels into WebInspect (which is a .NET process), the first step is to inject an O2 REPL UI into the WebInspect process.

Note 1: if we were doing a pure Win32 Handle Hijacking this would not be needed, but in this case I want to control where the Fortify Views will be placed.

Note 2: since Web Inspect is running with elevated privileges (i.e. full admin), we will also need to run the O2 Platform with the same privileges (or the dll injection will not work).

The script/tool that I’m going to use is the Util - Inject O2 into other processes.h2, which can be executed from here:

…or here:

On the Util - Inject O2 into other processes.h2 UI, find the WebInspect process on the left-hand-side process list (a screenshot of the process should be visible if we have enough privileges to inject into this process) and click on the ‘Inject O2 REPL into Process’ button:

An C# REPL Editor should appear (a good clue that the injection worked ok is the fact that the top-left icon of the the REPL Form matches the icon of WebInspect):

Another way to confirm that this C# REPL script is indeed inside the WebInspect process, is to execute:

return Processes.getCurrentProcess();

… which will return the C# object of the current process (note the ProcessName value below):

Since WebInspect is using .NET WinForms as its main windows host (there are a number of WPF controls in there, but the main window is an instance of System.Windows.Forms.Form), we can use this command to get the list of open forms:

var openForms = Application.OpenForms;
return openForms;

Which in this case returns 3 Form Controls:

the main WebInspect UI

an hidden WebInspect update window

the O2 platform C# REPL (currently executing the script)

Next, using this script:

var form = (Form)Application.OpenForms[1];
return form;

... we find the Form we want:

… which is of type SPI.WebInspect.MainForm:

…from the WebInspect.exe assembly:

… which means that we can get a strongly type reference to that control:

... after adding a reference to the SPI.UI.dll (as requested by the error shown above):

… is that the .NET object shown in the output window, is the real WebInspect main Form object (see below how I changed the title of the main WebInspect window (from the PropertyGrid shown in the C# REPL output panel)):

Next (because we can) we are going to inject this script environment right into WebInspect UI, using the script: